Bug 947912 - ipa-server-install's help text wrong for --external_cert_file, --external_ca_file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-04-03 14:07 UTC by Rob Crittenden
Modified: 2015-01-16 08:39 UTC (History)

Fixed In Version: ipa-3.2.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 10:03:03 UTC
Target Upstream Version:
Embargoed:


Description Rob Crittenden 2013-04-03 14:07:15 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3523

The help text and man pages for `ipa-server-install`'s `--external_cert_file` and `--external_ca_file` state that the options take PKCS#10 files. That doesn't make much sense as PKCS#10 is a format for CSRs.

The options actually take PEM certs.
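
The distinction the description draws, as an added example that is not part of the original report or of FreeIPA's code: a pre-flight check that a file intended for `--external_cert_file` or `--external_ca_file` holds PEM certificates rather than a PKCS#10 CSR. The function names are hypothetical, the sample blocks are constructed placeholders, and the check inspects only the PEM label and outer DER tag; it does not validate signatures or chains.

```python
import base64
import re

# RFC 7468 textual encoding: a label between BEGIN/END lines, base64 DER inside.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)\n-----END \1-----", re.DOTALL)
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}  # PKCS#10


def pem_blocks(text):
    """Return (label, der_bytes) for every PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            der = b""
        blocks.append((label, der))
    return blocks


def check_external_file(text):
    """Return a list of problems; an empty list means the file looks usable."""
    blocks = pem_blocks(text)
    if not blocks:
        return ["no PEM block found (binary DER or PKCS#12 input?)"]
    problems = []
    for i, (label, der) in enumerate(blocks, 1):
        if label in CSR_LABELS:
            problems.append(f"block {i}: PKCS#10 CSR, not a signed certificate")
        elif label != "CERTIFICATE":
            problems.append(f"block {i}: unexpected PEM label {label!r}")
        elif not der.startswith(b"\x30"):
            problems.append(f"block {i}: body is not base64 DER")
    return problems


def _pem(label, der):
    # Constructed sample: a tiny DER SEQUENCE stands in for real content.
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


SAMPLE_CERT = _pem("CERTIFICATE", b"\x30\x03\x02\x01\x00")
SAMPLE_CSR = _pem("CERTIFICATE REQUEST", b"\x30\x03\x02\x01\x00")

if __name__ == "__main__":
    for name, text in [("cert", SAMPLE_CERT), ("csr", SAMPLE_CSR)]:
        print(name, check_external_file(text) or "ok")
```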

Comment 1 Martin Kosek 2013-04-15 11:34:13 UTC
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/b36380fff80d5a6755240bd65b6ef432ef2741e6

Comment 4 Namita Soman 2013-12-03 19:58:45 UTC
Verified using ipa-server-3.3.3-5

Automated Test Result:
:: [ 14:15:41 ] ::  EXECUTING: ipa-server-install --help > /tmp/tmp.MMBZ7iZWfM/ipaserverinstall_default.out 2>&1
:: [   PASS   ] :: Capturing ipa-server-install's help text (Expected 0, got 0)
Usage: ipa-server-install [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit

  basic options:
    -r REALM_NAME, --realm=REALM_NAME
                        realm name
    -n DOMAIN_NAME, --domain=DOMAIN_NAME
                        domain name
    -p DM_PASSWORD, --ds-password=DM_PASSWORD
                        admin password
    -P MASTER_PASSWORD, --master-password=MASTER_PASSWORD
                        kerberos master password (normally autogenerated)
    -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
                        admin user kerberos password
    --mkhomedir         create home directories for users on their first login
    --hostname=HOST_NAME
                        fully qualified name of server
    --ip-address=IP_ADDRESS
                        Master Server IP Address
    -N, --no-ntp        do not configure ntp
    --idstart=IDSTART   The starting value for the IDs range (default random)
    --idmax=IDMAX       The max value value for the IDs range (default:
                        idstart+199999)
    --no_hbac_allow     Don't install allow_all HBAC rule
    --no-ui-redirect    Do not automatically redirect to the Web UI
    --ssh-trust-dns     configure OpenSSH client to trust DNS SSHFP records
    --no-ssh            do not configure OpenSSH client
    --no-sshd           do not configure OpenSSH server
    -d, --debug         print debugging information
    -U, --unattended    unattended (un)installation never prompts the user

  certificate system options:
    --external-ca       Generate a CSR to be signed by an external CA
    --external_cert_file=EXTERNAL_CERT_FILE
                        PEM file containing a certificate signed by the
                        external CA
    --external_ca_file=EXTERNAL_CA_FILE
                        PEM file containing the external CA chain
    --dirsrv_pkcs12=DIRSRV_PKCS12
                        PKCS#12 file containing the Directory Server SSL
                        certificate
    --http_pkcs12=HTTP_PKCS12
                        PKCS#12 file containing the Apache Server SSL
                        certificate
    --dirsrv_pin=DIRSRV_PIN
                        The password of the Directory Server PKCS#12 file
    --http_pin=HTTP_PIN
                        The password of the Apache Server PKCS#12 file
    --root-ca-file=ROOT_CA_FILE
                        PEM file with root CA certificate(s) to trust
    --subject=SUBJECT   The certificate subject base (default O=<realm-name>)

  DNS options:
    --setup-dns         configure bind with our zone
    --forwarder=FORWARDERS
                        Add a DNS forwarder
    --no-forwarders     Do not add any DNS forwarders, use root servers
                        instead
    --reverse-zone=REVERSE_ZONE
                        The reverse DNS zone to use
    --no-reverse        Do not create reverse DNS zone
    --zonemgr=ZONEMGR   DNS zone manager e-mail address. Defaults to
                        hostmaster@DOMAIN
    --no-host-dns       Do not use DNS for hostname lookup during installation
    --no-dns-sshfp      Do not automatically create DNS SSHFP records

  uninstall options:
    --uninstall         uninstall an existing installation. The uninstall can
                        be run with --unattended option
:: [   PASS   ] :: Running 'cat /tmp/tmp.MMBZ7iZWfM/ipaserverinstall_default.out' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.MMBZ7iZWfM/ipaserverinstall_default.out' should not contain 'PKCS#10'

Comment 5 Ludek Smid 2014-06-13 10:03:03 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

